#include <PeerConnector.h>


Classes

class  CbDialer
 Callback dialer API to allow PeerConnector to set the answer. More...
 

Public Types

typedef CbcPointer< PeerConnector > Pointer
 

Public Member Functions

 PeerConnector (const Comm::ConnectionPointer &aServerConn, AsyncCall::Pointer &aCallback, const AccessLogEntryPointer &alp, const time_t timeout=0)
 
virtual ~PeerConnector ()
 
bool canBeCalled (AsyncCall &call) const
 whether we can be called More...
 
void callStart (AsyncCall &call)
 
virtual void callEnd ()
 called right after the called job method More...
 
virtual void callException (const std::exception &e)
 called when the job throws during an async call More...
 
virtual void * toCbdata ()=0
 

Static Public Member Functions

static Pointer Start (AsyncJob *job)
 starts a freshly created job (i.e., makes the job asynchronous) More...
 

Public Attributes

bool noteFwdPconnUse
 hack: whether the connection requires fwdPconnPool->noteUses() More...
 

Protected Member Functions

virtual void start ()
 Preps connection and SSL state. Calls negotiate(). More...
 
virtual bool doneAll () const
 whether positive goal has been reached More...
 
virtual void swanSong ()
 internal cleanup; do not call directly More...
 
virtual const char * status () const
 for debugging, starts with space More...
 
void commTimeoutHandler (const CommTimeoutCbParams &)
 The connection read timeout callback handler. More...
 
void commCloseHandler (const CommCloseCbParams &params)
 The comm_close callback handler. More...
 
virtual bool initialize (Security::SessionPointer &)
 
void negotiate ()
 
bool sslFinalized ()
 
void handleNegotiationResult (const Security::IoResult &)
 Called after each negotiation step to handle the result. More...
 
void noteWantRead ()
 
bool isSuspended () const
 Whether TLS negotiation has been paused and not yet resumed. More...
 
void suspendNegotiation (const Security::IoResult &lastError)
 
void resumeNegotiation ()
 Resumes TLS negotiation paused by suspendNegotiation() More...
 
void handleMissingCertificates (const Security::IoResult &lastError)
 Either initiates fetching of missing certificates or bails with an error. More...
 
void startCertDownloading (SBuf &url)
 Start downloading procedure for the given URL. More...
 
void certDownloadingDone (SBuf &object, int status)
 Called by Downloader after a certificate object has been downloaded. More...
 
virtual void noteWantWrite ()
 
virtual void noteNegotiationError (const Security::ErrorDetailPointer &)
 Called when the SSL_connect function aborts with an SSL negotiation error. More...
 
virtual void noteNegotiationDone (ErrorState *error)
 
virtual Security::ContextPointer getTlsContext ()=0
 
Comm::ConnectionPointer const & serverConnection () const
 mimics FwdState to minimize changes to FwdState::initiate/negotiateSsl More...
 
void bail (ErrorState *error)
 sends the given error to the initiator More...
 
void sendSuccess ()
 sends the encrypted connection to the initiator More...
 
void callBack ()
 a bail(), sendSuccess() helper: sends results to the initiator More...
 
void disconnect ()
 a bail(), sendSuccess() helper: stops monitoring the connection More...
 
void bypassCertValidator ()
 If called, the certificate validator helper will not be used for this connection (see useCertValidator_; the validator is otherwise consulted from sslFinalized()). More...
 
void recordNegotiationDetails ()
 
void deleteThis (const char *aReason)
 
void mustStop (const char *aReason)
 
bool done () const
 the job is destroyed in callEnd() when done() More...
 

Protected Attributes

HttpRequestPointer request
 peer connection trigger or cause More...
 
Comm::ConnectionPointer serverConn
 TCP connection to the peer. More...
 
AccessLogEntryPointer al
 info for the future access.log entry More...
 
AsyncCall::Pointer callback
 we call this with the results More...
 
const char * stopReason
 reason for forcing done() to be true More...
 
const char * typeName
 kid (leaf) class name, for debugging More...
 
AsyncCall::Pointer inCall
 the asynchronous call being handled, if any More...
 
const InstanceId< AsyncJob > id
 job identifier More...
 

Private Member Functions

 CBDATA_CLASS (PeerConnector)
 
 PeerConnector (const PeerConnector &)
 
PeerConnector & operator= (const PeerConnector &)
 
unsigned int certDownloadNestingLevel () const
 the number of concurrent PeerConnector jobs waiting for us More...
 
void sslCrtvdHandleReply (Ssl::CertValidationResponsePointer)
 Process response from cert validator helper. More...
 
Security::CertErrors * sslCrtvdCheckForErrors (Ssl::CertValidationResponse const &, ErrorDetailPointer &)
 Check SSL errors returned from cert validator against sslproxy_cert_error access list. More...
 
bool computeMissingCertificateUrls (const Connection &)
 finds URLs of (some) missing intermediate certificates or returns false More...
 
void negotiateSsl ()
 Comm::SetSelect() callback. Direct calls tickle/resume negotiations. More...
 

Static Private Member Functions

static void NegotiateSsl (int fd, void *data)
 A wrapper for Comm::SetSelect() notifications. More...
 

Private Attributes

AsyncCall::Pointer closeHandler
 we call this when the connection closed More...
 
time_t negotiationTimeout
 the SSL connection timeout to use More...
 
time_t startTime
 when the peer connector negotiation started More...
 
bool useCertValidator_
 
std::queue< SBuf > urlsOfMissingCerts
 The list of URLs where missing certificates should be downloaded. More...
 
unsigned int certsDownloads
 the number of downloaded missing certificates More...
 
Ssl::X509_STACK_Pointer downloadedCerts
 successfully downloaded intermediate certificates (omitted by the peer) More...
 
Security::IoResultPointer suspendedError_
 outcome of the last (failed and) suspended negotiation attempt (or nil) More...
 

Static Private Attributes

static const unsigned int MaxCertsDownloads = 10
 The maximum number of missing certificates a single PeerConnector may download. More...
 
static const unsigned int MaxNestedDownloads = 3
 The maximum number of inter-dependent Downloader jobs a worker may initiate. More...
 

Detailed Description

Initiates encryption of a given open TCP connection to a peer or server. Despite its name does not perform any connect(2) operations. Owns the connection during TLS negotiations. The caller receives EncryptorAnswer.

Contains common code and interfaces of various specialized PeerConnectors, including peer certificate validation code.

Definition at line 44 of file PeerConnector.h.

Member Typedef Documentation

◆ Pointer

Constructor & Destructor Documentation

◆ PeerConnector() [1/2]

Security::PeerConnector::PeerConnector ( const Comm::ConnectionPointer &aServerConn,
AsyncCall::Pointer &aCallback,
const AccessLogEntryPointer &alp,
const time_t  timeout = 0 
)

◆ ~PeerConnector()

Security::PeerConnector::~PeerConnector ( )
virtualdefault

◆ PeerConnector() [2/2]

Security::PeerConnector::PeerConnector ( const PeerConnector & )
private

Member Function Documentation

◆ bail()

void Security::PeerConnector::bail ( ErrorState *error)
protected

◆ bypassCertValidator()

void Security::PeerConnector::bypassCertValidator ( )
inlineprotected

Definition at line 156 of file PeerConnector.h.

References useCertValidator_.

◆ callBack()

void Security::PeerConnector::callBack ( )
protected

◆ callEnd()

void AsyncJob::callEnd ( )
virtualinherited

◆ callException()

◆ callStart()

void AsyncJob::callStart ( AsyncCall &call)
inherited

◆ canBeCalled()

bool AsyncJob::canBeCalled ( AsyncCall &call) const
inherited

Definition at line 101 of file AsyncJob.cc.

References AsyncCall::cancel(), debugs, HERE(), AsyncJob::inCall, and NULL.

◆ CBDATA_CLASS()

Security::PeerConnector::CBDATA_CLASS ( PeerConnector  )
private

◆ certDownloadingDone()

void Security::PeerConnector::certDownloadingDone ( SBuf &object,
int  status 
)
protected

◆ certDownloadNestingLevel()

unsigned int Security::PeerConnector::certDownloadNestingLevel ( ) const
private

Definition at line 564 of file PeerConnector.cc.

References request().

◆ commCloseHandler()

void Security::PeerConnector::commCloseHandler ( const CommCloseCbParams &params)
protected

◆ commTimeoutHandler()

void Security::PeerConnector::commTimeoutHandler ( const CommTimeoutCbParams & )
protected

◆ computeMissingCertificateUrls()

bool Security::PeerConnector::computeMissingCertificateUrls ( const Connection &sconn)
private

Definition at line 668 of file PeerConnector.cc.

References assert, debugs, and Ssl::missingChainCertificatesUrls().

◆ deleteThis()

void AsyncJob::deleteThis ( const char *  aReason)
protectedinherited

◆ disconnect()

void Security::PeerConnector::disconnect ( )
protected

Definition at line 484 of file PeerConnector.cc.

References comm_remove_close_handler(), and commUnsetConnTimeout().

◆ done()

bool AsyncJob::done ( ) const
protectedinherited

◆ doneAll()

bool Security::PeerConnector::doneAll ( ) const
protectedvirtual

Reimplemented from AsyncJob.

Definition at line 62 of file PeerConnector.cc.

References callback, and AsyncJob::doneAll().

◆ getTlsContext()

virtual Security::ContextPointer Security::PeerConnector::getTlsContext ( )
protectedpure virtual

Must be implemented by the kid (derived) classes to return the TLS context object used for building the encryption context objects.

Implemented in Ssl::PeekingPeerConnector, Security::BlindPeerConnector, and Ssl::IcapPeerConnector.

◆ handleMissingCertificates()

void Security::PeerConnector::handleMissingCertificates ( const Security::IoResult &lastError)
protected

◆ handleNegotiationResult()

◆ initialize()

◆ isSuspended()

bool Security::PeerConnector::isSuspended ( ) const
inlineprotected

Definition at line 104 of file PeerConnector.h.

References suspendedError_.

◆ mustStop()

◆ negotiate()

void Security::PeerConnector::negotiate ( )
protected

Performs a single secure connection negotiation step. It is called multiple times until the negotiation finishes or aborts.

Definition at line 181 of file PeerConnector.cc.

References Ssl::VerifyCallbackParameters::At(), Security::Connect(), DBG_IMPORTANT, debugs, fd_table, and Security::IoResult::ioSuccess.

◆ negotiateSsl()

void Security::PeerConnector::negotiateSsl ( )
private

Definition at line 412 of file PeerConnector.cc.

References CallJobHere.

◆ NegotiateSsl()

void Security::PeerConnector::NegotiateSsl ( int  fd,
void *  data 
)
staticprivate

Definition at line 402 of file PeerConnector.cc.

References data.

◆ noteNegotiationDone()

virtual void Security::PeerConnector::noteNegotiationDone ( ErrorState *error)
inlineprotectedvirtual

Called when the SSL negotiation with the server has completed and the certificates have been validated by the cert validator.

Parameters
error — if not NULL, the SSL negotiation was aborted with an error

Reimplemented in Ssl::PeekingPeerConnector, Ssl::IcapPeerConnector, and Security::BlindPeerConnector.

Definition at line 134 of file PeerConnector.h.

◆ noteNegotiationError()

void Security::PeerConnector::noteNegotiationError ( const Security::ErrorDetailPointer &detail)
protectedvirtual

◆ noteWantRead()

void Security::PeerConnector::noteWantRead ( )
protected

Called when the OpenSSL SSL_connect function requests more data from the remote SSL server. Sets the read timeout and installs the Squid COMM_SELECT_READ handler.

Definition at line 419 of file PeerConnector.cc.

References COMM_SELECT_READ, commSetConnTimeout(), commTimeoutHandler(), debugs, JobCallback, Comm::MortalReadTimeout(), and Comm::SetSelect().

◆ noteWantWrite()

void Security::PeerConnector::noteWantWrite ( )
protectedvirtual

Called when the openSSL SSL_connect function needs to write data to the remote SSL server. Sets the Squid COMM_SELECT_WRITE handler.

Reimplemented in Ssl::PeekingPeerConnector.

Definition at line 435 of file PeerConnector.cc.

References COMM_SELECT_WRITE, debugs, and Comm::SetSelect().

Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(), and Ssl::PeekingPeerConnector::noteWantWrite().

◆ operator=()

PeerConnector& Security::PeerConnector::operator= ( const PeerConnector & )
private

◆ recordNegotiationDetails()

void Security::PeerConnector::recordNegotiationDetails ( )
protected

Called after negotiation finishes to record connection details for logging

Definition at line 163 of file PeerConnector.cc.

References BIO_get_data(), fd_table, and Ssl::ServerBio::receivedHelloDetails().

◆ resumeNegotiation()

void Security::PeerConnector::resumeNegotiation ( )
protected

Definition at line 697 of file PeerConnector.cc.

References fd_table, Must, SQUID_TLS_ERR_CONNECT, and Ssl::VerifyConnCertificates().

◆ sendSuccess()

void Security::PeerConnector::sendSuccess ( )
protected

Definition at line 477 of file PeerConnector.cc.

◆ serverConnection()

Comm::ConnectionPointer const& Security::PeerConnector::serverConnection ( ) const
inlineprotected

Definition at line 141 of file PeerConnector.h.

References serverConn.

Referenced by Security::BlindPeerConnector::getTlsContext().

◆ sslCrtvdCheckForErrors()

Security::CertErrors * Security::PeerConnector::sslCrtvdCheckForErrors ( Ssl::CertValidationResponse const &  resp,
ErrorDetailPointer &errDetails 
)
private

◆ sslCrtvdHandleReply()

◆ sslFinalized()

bool Security::PeerConnector::sslFinalized ( )
protected

Called after negotiation has finished. Cleans up TLS/SSL state. Returns false if we are now waiting for the certs validation job. Otherwise, returns true, regardless of negotiation success/failure.

Definition at line 251 of file PeerConnector.cc.

References asyncCall(), DBG_IMPORTANT, debugs, Ssl::CertValidationRequest::domainName, ERR_GATEWAY_FAILURE, Ssl::CertValidationRequest::errors, fd_table, NULL, request(), Http::scInternalServerError, Ssl::CertValidationRequest::ssl, ssl_ex_index_server, ssl_ex_index_ssl_errors, sslCrtvdHandleReply(), Ssl::CertValidationHelper::Submit(), and Ssl::TheConfig.

◆ start()

void Security::PeerConnector::start ( )
protectedvirtual

Reimplemented from AsyncJob.

Definition at line 69 of file PeerConnector.cc.

References assert, debugs, ERR_CONNECT_FAIL, fd_table, Comm::IsConnOpen(), request(), Http::scBadGateway, and AsyncJob::start().

◆ Start()

◆ startCertDownloading()

void Security::PeerConnector::startCertDownloading ( SBuf &url)
protected

◆ status()

const char * Security::PeerConnector::status ( ) const
protectedvirtual

for debugging, starts with space

Reimplemented from AsyncJob.

Definition at line 524 of file PeerConnector.cc.

References buf, and NULL.

◆ suspendNegotiation()

void Security::PeerConnector::suspendNegotiation ( const Security::IoResult &lastError)
protected

Suspends TLS negotiation to download the missing certificates

Parameters
lastError — an error to handle when resuming negotiations

Definition at line 687 of file PeerConnector.cc.

References debugs, and Must.

◆ swanSong()

void Security::PeerConnector::swanSong ( )
protectedvirtual

◆ toCbdata()

virtual void* CbdataParent::toCbdata ( )
pure virtualinherited

Member Data Documentation

◆ al

AccessLogEntryPointer Security::PeerConnector::al
protected

Definition at line 164 of file PeerConnector.h.

◆ callback

AsyncCall::Pointer Security::PeerConnector::callback
protected

Definition at line 165 of file PeerConnector.h.

Referenced by PeerConnector().

◆ certsDownloads

unsigned int Security::PeerConnector::certsDownloads
private

Definition at line 197 of file PeerConnector.h.

◆ closeHandler

AsyncCall::Pointer Security::PeerConnector::closeHandler
private

Definition at line 191 of file PeerConnector.h.

Referenced by PeerConnector().

◆ downloadedCerts

Ssl::X509_STACK_Pointer Security::PeerConnector::downloadedCerts
private

Definition at line 201 of file PeerConnector.h.

◆ id

const InstanceId<AsyncJob> AsyncJob::id
protectedinherited

Definition at line 72 of file AsyncJob.h.

◆ inCall

AsyncCall::Pointer AsyncJob::inCall
protectedinherited

◆ MaxCertsDownloads

const unsigned int Security::PeerConnector::MaxCertsDownloads = 10
staticprivate

Definition at line 186 of file PeerConnector.h.

◆ MaxNestedDownloads

const unsigned int Security::PeerConnector::MaxNestedDownloads = 3
staticprivate

Definition at line 189 of file PeerConnector.h.

◆ negotiationTimeout

time_t Security::PeerConnector::negotiationTimeout
private

Definition at line 192 of file PeerConnector.h.

◆ noteFwdPconnUse

bool Security::PeerConnector::noteFwdPconnUse

Definition at line 68 of file PeerConnector.h.

◆ request

HttpRequestPointer Security::PeerConnector::request
protected

◆ serverConn

Comm::ConnectionPointer Security::PeerConnector::serverConn
protected

Definition at line 163 of file PeerConnector.h.

Referenced by PeerConnector(), and serverConnection().

◆ startTime

time_t Security::PeerConnector::startTime
private

Definition at line 193 of file PeerConnector.h.

◆ stopReason

const char* AsyncJob::stopReason
protectedinherited

◆ suspendedError_

Security::IoResultPointer Security::PeerConnector::suspendedError_
private

Definition at line 205 of file PeerConnector.h.

Referenced by isSuspended().

◆ typeName

◆ urlsOfMissingCerts

std::queue<SBuf> Security::PeerConnector::urlsOfMissingCerts
private

Definition at line 196 of file PeerConnector.h.

◆ useCertValidator_

bool Security::PeerConnector::useCertValidator_
private

whether the certificate validator should be bypassed (set via bypassCertValidator())

Definition at line 194 of file PeerConnector.h.

Referenced by bypassCertValidator().

